program:
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x1)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000080)={0xf0f021})
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x30314752, 0x0, 0x0, 0x0, 0x0, 0x2}})
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000080)={0x9, 0x0, 0x0, {0x0, 0x300, 0x0, 0x80000300}})
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@gettaction={0x1c, 0x32, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3e92}]}, 0x1c}}, 0x40040d0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r8, &(0x7f00000006c0)='ns/cgroup\x00')
syz_open_procfs(r8, &(0x7f0000000040)='oom_score\x00')
chdir(&(0x7f0000000340)='./file0\x00')
unlink(&(0x7f0000000000)='./file0\x00')
syz_emit_ethernet(0x0, 0x0, 0x0)
r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002540)=@newqdisc={0x24, 0x29, 0x1, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x5}, {0xffff, 0xffff}, {0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x4000000)
ioctl$SG_IO(r9, 0x2285, &(0x7f0000000640)={0x53, 0xfffffffffffffffc, 0xe, 0xf5, @scatter={0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)=""/1, 0x1}, {&(0x7f0000002580)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/131, 0x83}, {&(0x7f0000000580)=""/172, 0xac}]}, &(0x7f0000000280)="01674341a3a4a517d1eb4a311058", &(0x7f0000000400)=""/74, 0xfffffff9, 0x10012, 0x0, &(0x7f0000000300)})

[   69.208884][ T4670] Bluetooth: hci0: command tx timeout
[   69.322957][ T5325] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[   69.326789][ T5325] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5325, name: syz.0.0
[   69.333011][ T5325] preempt_count: 0, expected: 0
[   69.335787][ T5325] RCU nest depth: 1, expected: 0
[   69.337833][ T5325] 4 locks held by syz.0.0/5325:
[   69.340794][ T5325]  #0: ffff888034156b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[   69.344522][ T5325]  #1: ffff888044c38148 (&type->i_mutex_dir_key#9){.+.+}-{4:4}, at: iterate_dir+0x4a6/0x760
[   69.349256][ T5325]  #2: ffffffff8ed3dfa0 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[   69.352942][ T5325]  #3: ffff88803fbc15e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0
[   69.356670][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) 
[   69.356684][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.356691][ T5325] Call Trace:
[   69.356698][ T5325]  <TASK>
[   69.356703][ T5325]  dump_stack_lvl+0x241/0x360
[   69.356722][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.356747][ T5325]  __might_resched+0x558/0x6c0
[   69.356766][ T5325]  ? __pfx___might_resched+0x10/0x10
[   69.356785][ T5325]  ? __alloc_frozen_pages_noprof+0x162/0x5b0
[   69.356799][ T5325]  prepare_alloc_pages+0x1eb/0x610
[   69.356815][ T5325]  __alloc_frozen_pages_noprof+0x162/0x5b0
[   69.356829][ T5325]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   69.356845][ T5325]  ? __lock_acquire+0xad5/0xd80
[   69.356863][ T5325]  alloc_pages_mpol+0x339/0x690
[   69.356880][ T5325]  ? __pfx_alloc_pages_mpol+0x10/0x10
[   69.356900][ T5325]  vma_alloc_folio_noprof+0x12d/0x260
[   69.356915][ T5325]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[   69.356935][ T5325]  folio_prealloc+0x2e/0x170
[   69.356946][ T5325]  do_wp_page+0x14f6/0x5e00
[   69.356971][ T5325]  ? __pfx_do_wp_page+0x10/0x10
[   69.356988][ T5325]  ? __lock_acquire+0xad5/0xd80
[   69.357001][ T5325]  ? do_raw_spin_lock+0x151/0x370
[   69.357027][ T5325]  handle_pte_fault+0xfaf/0x61c0
[   69.357043][ T5325]  ? __lock_acquire+0xad5/0xd80
[   69.357054][ T5325]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   69.357069][ T5325]  ? __pfx_handle_pte_fault+0x10/0x10
[   69.357087][ T5325]  ? rcu_is_watching+0x15/0xb0
[   69.357100][ T5325]  ? __count_memcg_events+0x1e1/0x3d0
[   69.357121][ T5325]  ? count_memcg_event_mm+0x96/0x440
[   69.357142][ T5325]  ? mtree_range_walk+0x700/0x8e0
[   69.357198][ T5325]  handle_mm_fault+0x1129/0x1bf0
[   69.357213][ T5325]  ? mt_find+0x28a/0x8f0
[   69.357241][ T5325]  ? __pfx_handle_mm_fault+0x10/0x10
[   69.357272][ T5325]  ? lock_mm_and_find_vma+0x9c/0x2f0
[   69.357290][ T5325]  exc_page_fault+0x2bb/0x920
[   69.357312][ T5325]  asm_exc_page_fault+0x26/0x30
[   69.357323][ T5325] RIP: 0010:filldir+0x2c4/0x6a0
[   69.357336][ T5325] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44
[   69.357343][ T5325] RSP: 0018:ffffc9000d637be0 EFLAGS: 00050283
[   69.357353][ T5325] RAX: 0000000000000020 RBX: 0000200000002010 RCX: 0000200000001ff0
[   69.357360][ T5325] RDX: ffffc9000e362000 RSI: 0000200000001fd8 RDI: 0000200000002010
[   69.357367][ T5325] RBP: 0000000000000004 R08: ffffffff824543ed R09: 1ffff1100015a000
[   69.357373][ T5325] R10: dffffc0000000000 R11: ffffed100015a001 R12: ffff888000cc0361
[   69.357380][ T5325] R13: 0000000000000005 R14: 0000200000001fd8 R15: 00007ffffffff000
[   69.357392][ T5325]  ? filldir+0x28d/0x6a0
[   69.357417][ T5325]  afs_dynroot_readdir+0x814/0xbe0
[   69.357431][ T5325]  ? __pfx___mutex_lock+0x10/0x10
[   69.357443][ T5325]  ? afs_dynroot_readdir+0x466/0xbe0
[   69.357457][ T5325]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[   69.357472][ T5325]  ? common_file_perm+0x1a6/0x210
[   69.357492][ T5325]  iterate_dir+0x5a9/0x760
[   69.357508][ T5325]  __se_sys_getdents+0x1ff/0x4e0
[   69.357526][ T5325]  ? __pfx___se_sys_getdents+0x10/0x10
[   69.357537][ T5325]  ? __pfx_filldir+0x10/0x10
[   69.357556][ T5325]  ? do_syscall_64+0xb6/0x230
[   69.357571][ T5325]  do_syscall_64+0xf3/0x230
[   69.357583][ T5325]  ? clear_bhb_loop+0x45/0xa0
[   69.357596][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.357605][ T5325] RIP: 0033:0x7fe6add8d169
[   69.357615][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.357623][ T5325] RSP: 002b:00007fe6aec38038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[   69.357632][ T5325] RAX: ffffffffffffffda RBX: 00007fe6adfa5fa0 RCX: 00007fe6add8d169
[   69.357639][ T5325] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 000000000000000a
[   69.357645][ T5325] RBP: 00007fe6ade0e990 R08: 0000000000000000 R09: 0000000000000000
[   69.357651][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.357657][ T5325] R13: 0000000000000000 R14: 00007fe6adfa5fa0 R15: 00007ffee09db8a8
[   69.357673][ T5325]  </TASK>